Stefano Rivera pushed to branch pypy3-triage at Debian Security Tracker / security-tracker
Commits:

51264008 by security tracker role at 2025-07-06T08:12:02+00:00
automatic update

- - - - -
df4bac5b by Salvatore Bonaccorso at 2025-07-06T13:45:32+02:00
Process some NFUs

- - - - -
0a068746 by Salvatore Bonaccorso at 2025-07-06T14:58:12+02:00
Add CVE-2025-38235/linux

- - - - -
48a1ed00 by Stefano Rivera at 2025-07-06T17:33:15+02:00
Triage pypy3 bugs

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,132 @@ -CVE-2025-7074 (A vulnerability classified as problematic has been found in vercel hyp ...) +CVE-2025-38235 [HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4540e41e753a7d69ecd3f5bad51fe620205c3a18 (6.16-rc4) +CVE-2025-7077 (A vulnerability classified as critical has been found in Shenzhen Libi ...) + NOT-FOR-US: Shenzhen Libituo Technology LBT-T300-T310 +CVE-2025-7076 (A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It ...) + NOT-FOR-US: BlackVue Dashcam 590X +CVE-2025-7075 (A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It ...) + NOT-FOR-US: BlackVue Dashcam 590X +CVE-2025-6022 + REJECTED +CVE-2025-5316 + REJECTED +CVE-2025-5104 + REJECTED +CVE-2025-4950 + REJECTED +CVE-2025-4694 + REJECTED +CVE-2025-3896 + REJECTED +CVE-2025-3524 + REJECTED +CVE-2025-3283 + REJECTED +CVE-2025-3156 + REJECTED +CVE-2025-3094 + REJECTED +CVE-2025-2904 + REJECTED +CVE-2025-2856 + REJECTED +CVE-2025-2718 + REJECTED +CVE-2025-2504 + REJECTED +CVE-2025-2422 + REJECTED +CVE-2025-27446 (Incorrect Permission Assignment for Critical Resource vulnerability in ...) 
TODO: check +CVE-2025-1990 + REJECTED +CVE-2025-1772 + REJECTED +CVE-2025-1737 + REJECTED +CVE-2025-1631 + REJECTED +CVE-2025-1573 + REJECTED +CVE-2025-1569 + REJECTED +CVE-2025-1318 + REJECTED +CVE-2025-1317 + REJECTED +CVE-2025-1297 + REJECTED +CVE-2025-1234 + REJECTED +CVE-2025-0654 + REJECTED +CVE-2025-0305 + REJECTED +CVE-2024-9012 + REJECTED +CVE-2024-8895 + REJECTED +CVE-2024-7403 + REJECTED +CVE-2024-6616 + REJECTED +CVE-2024-6475 + REJECTED +CVE-2024-6474 + REJECTED +CVE-2024-5900 + REJECTED +CVE-2024-5054 + REJECTED +CVE-2024-5007 + REJECTED +CVE-2024-4938 + REJECTED +CVE-2024-3960 + REJECTED +CVE-2024-3953 + REJECTED +CVE-2024-3510 + REJECTED +CVE-2024-2219 + REJECTED +CVE-2024-12804 + REJECTED +CVE-2024-12762 + REJECTED +CVE-2024-12758 + REJECTED +CVE-2024-12685 + REJECTED +CVE-2024-12681 + REJECTED +CVE-2024-12154 + REJECTED +CVE-2024-11505 + REJECTED +CVE-2024-11389 + REJECTED +CVE-2024-11105 + REJECTED +CVE-2024-10243 + REJECTED +CVE-2024-10212 + REJECTED +CVE-2024-0398 + REJECTED +CVE-2023-6820 + REJECTED +CVE-2023-6818 + REJECTED +CVE-2023-6770 + REJECTED +CVE-2023-6726 + REJECTED +CVE-2023-5361 + REJECTED +CVE-2025-7074 (A vulnerability classified as problematic has been found in vercel hyp ...) + NOT-FOR-US: vercel hyper CVE-2025-7070 (A vulnerability has been found in IROAD Dashcam Q9 up to 20250624 and ...) NOT-FOR-US: IROAD Dashcam Q9 CVE-2025-7069 (A vulnerability, which was classified as problematic, was found in HDF ...) 
@@ -9826,6 +9953,7 @@ CVE-2025-4330 (Allows the extraction filter to be ignored, allowing symlink targ - python3.11 <removed> [bookworm] - python3.11 <not-affected> (Vulnerable code didn't get backported to the version in Bookworm) - python3.9 <not-affected> (Vulnerable code got backported to 3.9.17, but dropped from sid with 3.9.13) + - pypy3 7.3.18+dfsg-1 - python2.7 <not-affected> (Vulnerable code introduced in 3.12) - jython <not-affected> (Vulnerable code introduced in 3.12) NOTE: https://github.com/python/cpython/issues/135034 @@ -9949,6 +10077,7 @@ CVE-2024-12718 (Allows modifying some file metadata (e.g. last modified) with fi - python3.9 <not-affected> (Vulnerable code introduced in 3.12) - python2.7 <not-affected> (Vulnerable code introduced in 3.12) - jython <not-affected> (Vulnerable code introduced in 3.12) + - pypy3 <not-affected> (Vulnerable code introduced in 3.12) NOTE: https://github.com/python/cpython/issues/135034 NOTE: https://github.com/python/cpython/pull/135037 NOTE: https://mail.python.org/archives/list/[email protected]/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ @@ -14928,6 +15057,7 @@ CVE-2025-4516 (There is an issue in CPython when using `bytes.decode("unicode_es [bookworm] - python3.11 <no-dsa> (Minor issue) - python3.9 <removed> [bullseye] - python3.9 <postponed> (Minor issue, likely DoS-only, fix along with next update) + - pypy3 <not-affected> (Vulnerable code not present; memory error in C code implementation) NOTE: https://mail.python.org/archives/list/[email protected]/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ NOTE: PoC: https://www.openwall.com/lists/oss-security/2025/05/19/1 NOTE: https://github.com/python/cpython/issues/133767 
@@ -39996,6 +40126,7 @@ CVE-2025-1795 (During an address list folding when a separating comma ends up on - python3.11 <removed> [bookworm] - python3.11 3.11.2-6+deb12u6 - python3.9 <removed> + - pypy3 7.3.18+dfsg-1 NOTE: https://github.com/python/cpython/issues/100884 NOTE: Regression issue: https://github.com/python/cpython/issues/118643 NOTE: https://mail.python.org/archives/list/[email protected]/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1b63c5a0a86d120fcab7b541d4a2a96534b49871...48a1ed00855c9f7f72e407a0ac26e38ce55dc911
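Review bot: in the first hunk (@@ -1,5 +1,132 @@), the CVE-2025-38235 entry marks linux as <not-affected> (Vulnerable code not present), but its only NOTE is the fix commit 4540e41e753a7d69ecd3f5bad51fe620205c3a18 (6.16-rc4). Add a NOTE naming the commit or release that introduced the faulty reference counting, so the not-affected status can be checked from the entry itself.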
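Review bot: in the @@ -9826 hunk (CVE-2025-4330), the added line "- pypy3 7.3.18+dfsg-1" records a fixed version with no supporting NOTE, while the not-affected lines around it each give a reason. The same commit marks pypy3 <not-affected> (Vulnerable code introduced in 3.12) under CVE-2024-12718, which cites the same upstream issue 135034. Add a NOTE pointing to the PyPy change that 7.3.18 carries, and state why pypy3 is affected by this CVE but not by the sibling one.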
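Review bot: style point in the @@ -9949 hunk (CVE-2024-12718): the pypy3 line is appended after jython, whereas the @@ -9826 hunk places it between python3.9 and python2.7. Pick one position for pypy3 among the Python interpreter lines and use it in all four entries touched here, so the entries stay easy to compare.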
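Review bot: in the @@ -14928 hunk (CVE-2025-4516), the reason "Vulnerable code not present; memory error in C code implementation" does not say whose C code is meant. The CVE description names CPython, so wording such as "memory error is in CPython's C implementation" would make the not-affected reasoning readable without knowledge of pypy3 internals.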
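Review bot: in the @@ -39996 hunk (CVE-2025-1795), "- pypy3 7.3.18+dfsg-1" is recorded as fixed, but the entry also carries a "Regression issue" NOTE (cpython issue 118643). Confirm that 7.3.18 includes the regression follow-up as well as the original fix, and add a NOTE with the PyPy reference that shows it.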
